Automic VaultAutomic Vault

brew

Install kubehound with Homebrew

Tool for building Kubernetes attack paths. Version 1.6.7 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install kubehound

local Homebrew formula metadata

overview

Package summary

Tool for building Kubernetes attack paths

Commands and aliases

  • kubehound

history

Project history and usage

KubeHound is Datadog's open source Kubernetes attack-graph tool. It collects cluster data, computes attack paths, and stores them in a graph database so defenders and red teams can reason about multi-hop compromise paths instead of isolated findings.

Project history

The public GitHub repository was created on May 15, 2023. Datadog Security Labs announced KubeHound on October 2, 2023, describing it as a new open source project for visualizing attack paths in Kubernetes deployments.

Datadog's 2023 Security Labs review says KubeHound was an internal project used by the adversary emulation team before it was open sourced. The documentation presents KubeHound as a graph of pods, nodes, identities, permissions, and attack techniques.

Adoption history

KubeHound is narrower than general Kubernetes admin tools, but it entered package-manager culture quickly enough to appear in Homebrew. That packaging matters for security teams because the tool is meant to run from an analyst workstation against a selected kubeconfig context.

The project's adoption signal is strongest in Kubernetes security circles: official docs, Datadog Security Labs posts, and conference material frame it as a way to prioritize security work by graph reachability rather than scanner output volume.

How it is used

KubeHound can select a target cluster through kubectx or through a KUBECONFIG environment variable. It ingests data from the Kubernetes API server, computes attack paths, stores results in JanusGraph, and supports graph queries through Gremlin or the KubeHound DSL.

The documentation says KubeHound can identify more than 25 attacks, including container escape and lateral movement techniques, and can answer questions such as whether a path exists from a specific container to a node or cluster-admin role.

Why package nerds care

KubeHound is package-nerd interesting because it brings graph-security analysis into a CLI that can be installed from Homebrew beside kubectl and kubectx. It represents the Kubernetes security tooling trend from static lists toward attack-path modeling.

Timeline

  • 2023-05-15: Public GitHub repository created
  • 2023-10-02: Datadog Security Labs announced KubeHound as an open source project
  • 2024-01-04: Datadog's Security Labs review described KubeHound as open sourced from an internal adversary-emulation project
  • 2025-11-14: v1.6.7 release published

Related projects

  • kubectx is documented as one way to select the target Kubernetes cluster.
  • JanusGraph and Gremlin are the graph database and query ecosystem used for attack-path storage and analysis.
  • The KubeHound documentation includes an attack reference for Kubernetes attack techniques.

security posture

Risk level: orange

infrastructure mutation or orchestration signal.

Risk classifier

orange risk · medium confidence · infrastructure

Why

  • infrastructure mutation or orchestration signal

Signals

  • text:kubernetes

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
kubehoundcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.6.7
manager updated
local dataok
upstreamcurrent
latest detectedv1.6.7

https://github.com/DataDog/KubeHound

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:kubehound
Version1.6.7
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/kubehound
Homepagehttps://kubehound.io
Repositoryhttps://github.com/DataDog/KubeHound
Upstream docshttps://kubehound.io/
LicenseApache-2.0
Source archivehttps://github.com/DataDog/KubeHound/archive/refs/tags/v1.6.7.tar.gz
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namekubehound
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment